Adoptable Cookbooks List

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Parameters

search_groupString groups name to search for, defaults to resource name

group_nameString name of the group to create, defaults to resource name

group_idInteger numeric id of the group to create, default is to allow the OS to pick next

cookbookString name of the cookbook that the authorized_keys template should be found in

manage_nfs_home_dirsBoolean whether to manage nfs home directories.

Otherwise, this cookbook is specific for setting up sysadmin group and users with the sysadmins recipe for now.

Recipe Overview

Deprecation Notice

This recipe has been deprecated and the resource will be removed from the recipe in a new major release of this cookbook in April 2017. The functionality can easily be recreated and changed to suit your organization by copying the single resource below into your own cookbook.

sysadmins.rb: recipe that manages the group sysadmins with group id 2300, and adds users to this group.

To use:

include_recipe "users::sysadmins"

The recipe is defined as follows:

users_manage "sysadmin" do
group_id 2300
action [ :create ]
end

This users_manage resource searches the users data bag for the sysadmin group attribute, and adds those users to a Unix security group sysadmin. The only required attribute is group_id, which represents the numeric Unix gid and must be unique. The default action for the resource is :create.

The recipe, by default, will also create the sysadmin group. The sysadmin group will be created with GID 2300.

Data bag Overview

Reminder Data bags generally should not be stored in cookbooks, but in a policy repo within your organization. Data bags are useful across cookbooks, not just for a single cookbook.

Use knife to create a data bag for users.

$ knife data bag create users

Create a user in the data_bag/users/ directory.

An optional password hash can be specified that will be used as the user's password.

The hash can be generated with the following command.

$ openssl passwd -1 "plaintextpassword"

Note: The ssh_keys attribute below can be either a String or an Array. However, we are recommending the use of an Array.

Note only user bags with the "action : remove" and a search-able "group" attribute will be purged by the :remove action.

As of v2.0.3 you can use the force parameter within the user data bag object for users with action remove. As per user docs this may leave the system in an inconsistent state. For example, a user account will be removed even if the user is logged in. A user’s home directory will be removed, even if that directory is shared by multiple users.

If you have different requirements, for example:
- You want to search a different data bag specific to a role such as
- mail. You may change the data_bag searched.
- data_bag mail

Knife supports reading data bags from a file and automatically looks in a directory called +data_bags+ in the current directory. The "bag" should be a directory with JSON files of each item. For the above:

$ mkdir data_bags/users
$EDITOR data_bags/users/bofh.json

Paste the user's public SSH key into the ssh_keys value. Also make sure the uid is unique, and if you're not using bash, that the shell is installed.

The Apache cookbook can set up authentication using OpenIDs, which is set up using the openid key here. See the Chef Software 'apache2' cookbook for more information about this.

License & Authors

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.